Search CVE reports


Toggle filters

1 – 6 of 6 results


CVE-2023-26964

Medium priority
Needs evaluation

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).

1 affected packages

rust-hyper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-hyper Needs evaluation Not in release Needs evaluation Not in release Ignored
Show less packages

CVE-2022-31394

Medium priority
Needs evaluation

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.

1 affected packages

rust-hyper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-hyper Not affected Not in release Needs evaluation Not in release Ignored
Show less packages

CVE-2021-32715

Medium priority
Vulnerable

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This...

1 affected packages

rust-hyper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-hyper Not affected Not in release Vulnerable Not in release Ignored
Show less packages

CVE-2021-32714

Medium priority
Vulnerable

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or...

1 affected packages

rust-hyper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-hyper Not affected Not in release Vulnerable Not in release Ignored
Show less packages

CVE-2021-21299

Low priority
Needs evaluation

hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw...

1 affected packages

rust-hyper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-hyper Needs evaluation Not in release Needs evaluation Not in release Not in release
Show less packages

CVE-2020-35863

Medium priority
Not affected

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.

1 affected packages

rust-hyper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-hyper Not affected Not in release Not in release
Show less packages